ADVISORIES
- CVE-2013-4593 (NVD)
- GHSA-33vg-hpx5-pfxg
- OSVDB-99888
GEM
SEVERITY
CVSS v3.x: 7.5 (High)
CVSS v2.0: 6.8 (Medium)
PATCHED VERSIONS
- >= 1.5.1
DESCRIPTION
The omniauth-facebook gem for Ruby contains a flaw: the application supports passing the access token via the URL. This may allow a remote attacker to bypass authentication and authenticate as another user.
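
To check whether a project resolves to a patched release, the following added example (not part of the advisory or of the gem) audits the text of a Gemfile.lock against the ">= 1.5.1" range listed above. The two lockfile bodies and their version numbers are constructed sample input, and the helper names are hypothetical.

```ruby
require "rubygems"

GEM_NAME = "omniauth-facebook"
PATCHED  = Gem::Requirement.new(">= 1.5.1") # range from PATCHED VERSIONS above

# Constructed sample lockfiles (not taken from any real project).
VULNERABLE_LOCK = <<~LOCK
  GEM
    remote: https://rubygems.org/
    specs:
      omniauth (1.1.4)
        rack
      omniauth-facebook (1.4.1)
        omniauth-oauth2 (~> 1.1.0)
      omniauth-oauth2 (1.1.1)
        omniauth (~> 1.0)
LOCK
PATCHED_LOCK = VULNERABLE_LOCK.sub("omniauth-facebook (1.4.1)",
                                   "omniauth-facebook (1.5.1)")

# Versions of `name` resolved in a Gemfile.lock body. Resolved specs are
# indented four spaces under "specs:"; the six-space lines below them are
# dependency constraints such as "omniauth (~> 1.0)" and are skipped.
def locked_versions(lockfile_text, name = GEM_NAME)
  lockfile_text.each_line.filter_map do |line|
    m = line.match(/\A {4}(\S+) \(([^)]+)\)\s*\z/)
    next unless m && m[1] == name
    # Drop a platform suffix such as "1.2.3-x86_64-linux" before parsing.
    Gem::Version.new(m[2].split("-").first)
  end
end

# :not_present, :patched, or :vulnerable for the given lockfile text.
def audit(lockfile_text)
  versions = locked_versions(lockfile_text)
  return :not_present if versions.empty?
  versions.all? { |v| PATCHED.satisfied_by?(v) } ? :patched : :vulnerable
end

puts "sample lockfile: #{audit(VULNERABLE_LOCK)}"
```

In a real project, pass File.read("Gemfile.lock") to audit and fail the build on :vulnerable.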